예제 #1
0
 def get_count_of_users_with_permission(self, service_id, permission):
     if permission not in roles.keys():
         raise TypeError('{} is not a valid permission'.format(permission))
     return len([
         user for user in self.get_users_for_service(service_id)
         if user.has_permission_for_service(service_id, permission)
     ])
예제 #2
0
def get_permissions_from_form(form):
    # view_activity is a default role to be added to all users.
    # All users will have at minimum view_activity to allow users to see notifications,
    # templates, team members but no update privileges
    selected_roles = {role for role in roles.keys() if form[role].data is True}
    selected_roles.add('view_activity')
    return selected_roles
예제 #3
0
def remove_user_from_service(service_id, user_id):
    user = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    form = PermissionsForm(
        **{
            role: user.has_permission_for_service(service_id, role)
            for role in roles.keys()
        })

    if request.method == 'POST':
        try:
            service_api_client.remove_user_from_service(service_id, user_id)
        except HTTPError as e:
            msg = "You cannot remove the only user for a service"
            if e.status_code == 400 and msg in e.message:
                flash(msg, 'info')
                return redirect(url_for('.manage_users',
                                        service_id=service_id))
            else:
                abort(500, e)

        return redirect(url_for('.manage_users', service_id=service_id))

    flash('Are you sure you want to remove {}?'.format(user.name), 'remove')
    return render_template('views/edit-user-permissions.html',
                           user=user,
                           form=form)
예제 #4
0
def edit_user_permissions(service_id, user_id):
    service_has_email_auth = 'email_auth' in current_service['permissions']
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    user = user_api_client.get_user(user_id)
    user_has_no_mobile_number = user.mobile_number is None

    form = PermissionsForm(**{
        role: user.has_permission_for_service(service_id, role)
        for role in roles.keys()
    },
                           login_authentication=user.auth_type)
    if form.validate_on_submit():
        user_api_client.set_user_permissions(
            user_id,
            service_id,
            permissions=set(get_permissions_from_form(form)),
        )
        if service_has_email_auth:
            user_api_client.update_user_attribute(
                user_id, auth_type=form.login_authentication.data)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template('views/edit-user-permissions.html',
                           user=user,
                           form=form,
                           service_has_email_auth=service_has_email_auth,
                           user_has_no_mobile_number=user_has_no_mobile_number)
예제 #5
0
 def permissions(self):
     return {role for role in roles.keys() if self[role].data is True}
예제 #6
0
 def from_user(cls, user, service_id):
     return cls(**{
         role: user.has_permission_for_service(service_id, role)
         for role in roles.keys()
     },
                login_authentication=user.auth_type)